Integrating an application or service with a learning platform using a database system

ABSTRACT

A learning platform may be integrated with an application or service using a database system. A user interface associated with the application or service may be displayed on a device of a user of an application or service. The user may be identified as being associated with a learning platform. First data related to performance of the user in the learning platform may be accessed. An interaction of the user with the application or service may be processed. It may be determined that the user is unauthorized to perform the interaction. The user may be presented with learning content associated with the learning platform. In response to determining that the user has completed the learning content, authorization to perform the interaction may be provided to the user.

CROSS-REFERENCE TO RELATED APPLICATIONS

This patent document claims priority to Provisional U.S. Patent Application No. 62/735,321 (A4138PROV_SFDCP005P) by Doti et al., titled “INTEGRATING AN APPLICATION OR SERVICE WITH A LEARNING PLATFORM USING A DATABASE SYSTEM”, filed Sep. 24, 2018. Provisional U.S. Patent Application No. 62/735,321 is hereby incorporated by reference in its entirety and for all purposes.

COPYRIGHT NOTICE

A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the United States Patent and Trademark Office patent file or records but otherwise reserves all copyright rights whatsoever

FIELD OF TECHNOLOGY

This patent document relates generally to database systems and more specifically to integrating an application or service with a learning platform using a database system.

BACKGROUND

“Cloud computing” services provide shared resources, applications, and information to computers and other devices upon request. In cloud computing environments, services can be provided by one or more servers accessible over the Internet rather than installing software locally on in-house computer systems. Users can interact with cloud computing services to undertake a wide range of tasks.

BRIEF DESCRIPTION OF THE DRAWINGS

The included drawings are for illustrative purposes and serve only to provide examples of possible structures and operations for the disclosed inventive systems, apparatus, methods and computer program products for processing keyboard input to perform events in relation to calendar items using a web browser-based application or online service. These drawings in no way limit any changes in form and detail that may be made by one skilled in the art without departing from the spirit and scope of the disclosed implementations.

FIG. 1 shows a flowchart of an example of a method for integrating an application or service with a learning platform using a database system, performed in accordance with some implementations.

FIG. 2 shows an example of a Graphical User Interface (GUI), in accordance with some implementations.

FIG. 3 shows a block diagram of an example of a system for integrating a learning platform and an application or service, in accordance with some implementations.

FIGS. 4-6 show examples of GUIs, in accordance with some implementations.

FIG. 7 shows a block diagram of an example of an environment that includes an on-demand database service configured in accordance with some implementations.

FIG. 8A shows a system diagram of an example of architectural components of an on-demand database service environment, configured in accordance with some implementations.

FIG. 8B shows a system diagram further illustrating an example of architectural components of an on-demand database service environment, in accordance with some implementations.

FIG. 9 illustrates one example of a computing device, configured in accordance with one or more embodiments.

DETAILED DESCRIPTION

Some implementations of the disclosed systems, apparatus, methods and computer program products are configured for integrating an application or service with a learning platform using a database system. As described in further detail below, such a user learning platform may provide interactive training exercises and other content relating to use of any type of application or service such as a Customer Relationship Management (CRM) Platform, a social networking system, any type of consumer or business software, etc. While CRM platforms are discussed herein as an example of an application or service, one having skill in the art can appreciate that the examples of applications or services described herein may be substituted for any suitable application or service such as those described above.

Conventional learning platforms such as those provided by Lynda® and Treehouse® can be poorly integrated with the subject matter they are attempting to teach, leading to inefficient training and missed opportunities to incentivize learning. By way of illustration, Wuthering Lights, a multinational corporation specializing in the sale of candles, is implementing a new CRM platform. Catherine, the Chief Executive Officer (CEO) of Wuthering Lights, employs a conventional learning platform to teach Wuthering Lights employees how to use the new CRM platform. Heathcliff, a salesman at Wuthering Lights, diligently works to complete training exercises in his spare time while struggling to learn the new CRM platform. Unfortunately, instead of receiving hands-on learning, Heathcliff's learning experience is completely separate from his day-to-day use of the new CRM platform. Such separation between the learning platform and the CRM platform causes Heathcliff to waste valuable time switching between platforms and prevents him from being aware of several important deficiencies that would be more apparent if the platforms were better integrated. Furthermore, Heathcliff's achievements in the learning platform are not recognized in the CRM platform and vice versa, leading to a missed opportunity to provide incentives to Heathcliff for learning about new features of the CRM platform.

By contrast, some of the disclosed techniques can be used to integrate a learning platform with an application or service, displaying learning content to a user intelligently as he or she navigates the application or service. Returning to the above example, Wuthering Lights can use the disclosed techniques to provide a learning platform that is completely integrated with their CRM platform. By way of illustration, as Heathcliff performs tasks in the CRM platform (e.g., logging sales or adding new leads,) opportunities to engage in training exercises related to these tasks can be presented to him via the learning platform. Furthermore, information relating to Heathcliff's performance in the learning platform can be displayed to him as he interacts with the CRM platform, reminding Heathcliff that he needs to complete further training.

In some implementations, the learning platform can be leveraged to provide automated verification to ensure that users can only perform tasks in the application or service for which they have received adequate training. By way of example, Nelly attempts to convert a lead in the CRM platform. This is Nelly's first lead conversion, and she does not yet know the proper procedure for performing a lead conversion. As such, the CRM platform can access Nelly's data in the learning platform. It can be determined that she has not completed any training related to lead conversion. Therefore, she can be prevented from entering the lead conversion and presented with a training exercise that covers the basics of lead conversion via the learning platform. Once she has completed the training exercise, data indicating her completion of the training exercise may be provided to the CRM platform. Nelly may then be automatically provided with authorization to perform the lead conversion in the CRM platform.

FIG. 1 shows a flowchart of an example of a method for integrating an application or service with a learning platform using a database system, performed in accordance with some implementations. FIG. 1 is described below in the context of FIGS. 2-6. FIG. 2 shows an example of a Graphical User Interface (GUI), in accordance with some implementations. FIG. 3 shows a block diagram of an example of a system for integrating a learning platform and an application or service, in accordance with some implementations. FIGS. 4-6 show examples of GUIs, in accordance with some implementations.

At 104 of FIG. 1, a user interface, such as user interface 200 of FIG. 2 is displayed on a computing device of a user of an application or service. The user interface displayed at 104 of FIG. 1 may be a user interface of any type of application or service, as described above. For example, user interface 200 is the user interface of a CRM platform. User interface 200 includes opportunities page 204, which includes a list of opportunities that were recently viewed by Nelly Dean, a user of the CRM platform.

At 108 of FIG. 1, the user is identified as being associated with a learning platform. By way of illustration, returning to the example of the preceding paragraph, when Nelly Dean logs into the CRM platform, a database system may identify Nelly Dean's login information as being cross-referenced with a user account in the learning platform. As such, Nelly Dean can be automatically identified as being both a user of the CRM platform and the learning platform at the time he logs into either the CRM platform or the learning platform.

At 112 of FIG. 1, data related to performance of the user in the learning platform is accessed. Such data may be accessed by the application or service via a connector connecting the learning platform and the application or service. Such a connector may be configurable to provide a variety of connections between the application or service and the learning platform. By way of example, in FIG. 3, integrated learning system 300 includes learning platform 304 and application or service 308. The learning platform 304 and the application or service 308 are connected via connector 306, which includes connections 312(1)-(n). Each connection 312(1)-(n) represents a particular instance of information sharing between the learning platform 304 and the application or service 308. For instance, connection 312(1) may represent the sharing or rank and profile data between the learning platform 304 and the application or service 308. The integrated learning system 300 may be provided to user devices 316 via an on-demand computing environment, as discussed further below in the context of FIGS. 7-9. By way of example, the learning platform 304 and the application or service 308 may be provided to a variety of tenant organizations in a multi-tenant database system, as described below.

The connector 306 may be implemented in a variety of manners. By way of illustration, an application programming interface (API) may be implemented to allow the learning platform and the application or service to securely share data. In some implementations, the connector may be implemented using a web browser extension, such as a Chrome® plugin. Such a browser extension may be configured to access information from the learning platform and provide the information to the application or service and vice versa. By way of example, the web browser extension may operate while a Heathcliff is interacting with the CRM platform using his web browser. The browser extension may make API calls to a server implementing the learning platform; thus, allowing information from the learning platform to be presented to the Heathcliff as he interacts with the CRM platform. Similarly, the browser extension may send information related to Heathcliff's interaction with the CRM platform to a server implementing the learning platform such that the Heathcliff's behavior in the CRM platform can be logged in the learning platform.

The data accessed from the learning platform by the application or service at 112 of FIG. 1 may take a variety of forms. For instance, in some implementations, the data accessed at 112 of FIG. 1 may include history, status, progress, rank, or profile information related to the user's history, status, progress, rank, or profile the learning platform. By way of example, when Nelly attempts to convert her first lead in the CRM platform, the CRM platform may access Nelly's history in the learning platform to determine that Nelly has not yet consumed any learning content relating to lead conversion, as discussed further below.

Also of alternatively, the application or service may access information relating to a user's achievements in the learning platform. By way of illustration, when Heathcliff logs a sale, the CRM platform may access data relating to Heathcliff's achievements in the learning platform to determine that Heathcliff has received the “Sales Expert Badge,” indicating that Heathcliff has completed many exercises relating to sales in the learning platform. Heathcliff may, therefore, be presented with an optional “advanced sales module” via the CRM platform, which touches on advanced sales concepts that are designed for presentation for a sales expert like Heathcliff.

In some implementations, data accessed from the learning platform by the application or service at 112 of FIG. 1 may be displayed in the user interface of the application or service. By way of example, in FIG. 2, a presentation 208 of Nelly Dean's status and progress data from the learning platform is displayed in the user interface 200 of the CRM platform.

At 116 of FIG. 1, an interaction with the application or service is processed. Such an interaction may include any type of input from a user using with the application or service. By way of example, Nelly may perform an interaction with the CRM platform by attempting to convert her first lead, Heathcliff may perform an interaction with the CRM platform by logging his most recent sale, Catherine may perform an interaction with the CRM platform by generating a new custom object for users of the Wuthering Lights organization, etc.

At 120 of FIG. 1, it is determined that the user is unauthorized to perform the interaction with the application or service. The determination that the user is unauthorized to perform the interaction may be made based on the data accessed at 112 of FIG. 1. By way of example, in response to Nelly attempting to convert her first lead in the CRM platform, it may be determined that Nelly is unauthorized to convert a lead in the CRM platform because Nelly's history in the learning platform indicates that Nelly has not yet consumed requisite learning content relating to lead conversion.

At 124 of FIG. 1, the user is presented with learning content of the learning platform. The user may be presented with such learning content in response to the determination at 120 of FIG. 1 that the user is unauthorized to perform the interaction with the application or service. By way of illustration, returning to the example of the preceding paragraph, in response to the determination that Nelly is unauthorized to convert the lead, Nelly may be presented with an “Introduction to Lead Conversion” module via the user interface of the CRM platform.

At 128 of FIG. 1, it is determined that the user has completed the learning content presented to her at 124. By way of example, returning to the above example, when Nelly finishes the Introduction to Lead Conversion module, a database system implementing the learning platform may determine that Nelly has completed the Introduction to Lead Conversion module. As such, data indicating Nelly's completion of the Introduction to Lead Conversion module may be provided to the CRM platform from the learning platform.

At 132 of FIG. 1, authorization is provided to the user to perform the interaction with the application or service. In some implementations, such authorization may be provided responsive to the determination at 128 of FIG. 1 that the user has completed the learning content. By way of illustration, when it the CRM platform receives the data indicating that Nelly has completed the Introduction to Lead Conversion module, authorization may be provided to Nelly to convert the lead.

In some implementations, a user's activity in the application or service may drive optional learning in the learning platform. For example, at 136 of FIG. 1, an interaction with the application or service is processed. As discussed above in the context of 116 of FIG. 1, such an interaction may include any type of input from a user using with the application or service. By way of example, Lockwood, a new employee of Wuthering Lights may be logging into the CRM platform for the first time, Nelly may be modifying an account record, Catherine may be adding a new user to the CRM platform, etc.

In some implementations, at 140 of FIG. 1, optional learning content from the learning platform is identified. Such learning content may be identified based on the interaction processed at 136 of FIG. 1. By way of illustration, referring to an example from the preceding paragraph, an optional training exercise relating to the modification of account records may be identified based on Nelly's modification of an account record.

At 144, the user is presented with the optional learning content identified at 140. In some implementations, the user may be presented with such optional learning content in response to the identification of such optional learning content at 140. By way of example, returning to the above example, once the optional training exercise has been identified in response to on Nelly's modification of an account record in the application or service, Nelly may be automatically presented with the optional training exercise via the learning platform.

In some implementations, any of the learning content discussed herein may include a customizable list of learning content also referred to as a “trailmix.” Such a customizable list of learning content may be configurable by an authorized user of the application or service to include any type of learning content from the learning platform. By way of example, such a customizable list may include modules, videos, walkthroughs or other interactive training exercises, videos, URLs to web-based learning content such as articles, .pdf files containing text from books or journals, courses or lessons, etc. Such a customizable list of learning content may be shareable to any users or groups of users in a particular organization that is implementing the application or service. By way of example, a customizable list of learning content from the learning platform may be assigned via the CRM platform to users having certain roles, e.g., sales representatives, administrators, customer service representatives, etc.

A customizable list of learning content may mix and match learning content that can be tailored for any desired learning experience. For example, Catherine may create a customizable list of learning content entitled “the onboarding presentation.” The onboarding presentation may include any type of learning content that is helpful in getting new employees of Wuthering Lights up to speed with the CRM platform. By way of illustration, when Lockwood logs into the CRM platform for the first time, the CRM platform may access optional training content from the learning platform to help with Lockwood's on-boarding process using the techniques described above. As such, Lockwood may be presented with prompt 400 of FIG. 4, when he logs onto the CRM platform for the first time. Lockwood may access the onboarding presentation created by Catherine by clicking or tapping button 404.

In some implementations, the application or service may be dynamically updated as the learning content is created or modified via the learning platform. By way of example, using list customization screen 502 (which is a user interface for generating and/or modifying customizable lists of learning content in the learning platform,) Catherine specifies “salesforce release strategies,” 504 “spring 18 release highlights,” 508, and “get an overview . . . ” 516 to be included in welcome mat 500. Welcome mat 500 is a customizable list of learning content that is presented to users when they log into the Spring 2018 release of the CRM platform. At some point, Catherine may decide that she no longer wants to include “spring 18 release highlights” 508 in the welcome mat 500. As such, Catherine may remove “spring 18 release highlights” 508 from the welcome mat 500 via the list customization screen 502 of the learning platform. Heathcliff may be interacting with the welcome mat 500 via the CRM platform when Catherine removes “spring 18 release highlights” 508 from the welcome mat 500. Using the techniques described above, the learning platform may act as a data source for the CRM platform. As such, if Heathcliff refreshes his Internet browser after Catherine removes “spring 18 release highlights” 508 from the welcome mat 500, “spring 18 release highlights” 508 may be automatically removed from the user interface of the CRM platform as displayed on Heathcliff's computing device.

Similarly, in some implementations, data in the learning platform may be dynamically updated in response to a user's interactions with the application or service. By way of illustration, returning to the example of the preceding paragraph, Heathcliff may complete the learning content of the welcome mat 500 via the CRM platform. As such, the learning platform may be automatically informed that Heathcliff has completed the welcome mat 500, and Heathcliff's profile in the learning platform may be updated accordingly, using the techniques described above.

In some implementations, at 148 of FIG. 1, a request to disable a connection between the application or service and the learning platform is processed. By way of illustration, an administrator at a particular organization may wish to disable a particular one of connections 312(1)-(n) between the learning platform 304 and the application or service 308 of FIG. 3. For example, if Wuthering Lights employees are becoming too competitive as a result of being able to see rank and progress indicators, Catherine may navigate to settings screen 600 of FIG. 6 and toggle switch 604 to disable the sharing of data related to users' rank and progress information between the learning platform learning platform 304 and the application or service 308 of FIG. 3. Alternatively, if Catherine wishes to disable all of the connections 312(1)-(n) between the learning platform 304 and the application or service 308, she may toggle switch 608 of FIG. 6. In another example, if Catherine wishes to disable notifications of content updates for a user's activity in the learning platform, she may toggle switch 612. Similarly, if Catherine wishes to disable achievements in the application or service, discussed below, she may toggle switch 616.

In some implementations at 152 of FIG. 1, a connection between the application or service and the learning platform is disabled. By way of illustration, returning to the example of the preceding paragraph, in response to Catherine toggling of switch 704 of FIG. 7, the sharing of data related to users' rank and progress between the learning platform learning platform 304 and the application or service 308 of FIG. 3 may be disabled.

The techniques described herein may be applied to integrate a variety of applications or services with a learning platform. For example, one having skill in the art can appreciate that several applications or services may be integrated with a learning platform using the techniques described above. By way of illustration, Wuthering Lights may choose to implement both a CRM platform and an enterprise social networking system such as Chatter®. Wuthering Lights may integrate both their CRM platform and their enterprise social networking system using the techniques described above.

In some implementations, recommendations of learning content from the learning platform may be presented. By way of example, a user may choose to receive recommendations of learning contentment from a learning platform as she interacts with an application or service. Such recommendations may be provided from the learning platform to the application or service using the techniques described above in the context of FIG. 1. Such recommendations may be automatically generated using a predictive analytics such as machine learning techniques, classification models, or frequentist or Bayesian statistical inference. Such recommendations may be generated based on behavior of a user in the learning platform and/or the application or service. By way of illustration, ninety three percent of users who have a skill profile similar to Heathcliff also complete a particular learning exercise. Therefore, Heathcliff may be provided with a recommendation to complete the particular learning exercise. In another example, Heathcliff may express interest in a new position of employment. It may be determined that the new position of employment requires particular skills that Heathcliff is yet to acquire. As such, learning content that teaches the particular skills may be automatically recommended to Heathcliff.

In some implementations, an integrated reward system that incentivizes achievements in both the learning platform and the application or service can be provided. By way of illustration, “stamps” may be a type of award provided to users for completing certain tasks in the CRM platform. As such, stamps can be provided to Heathcliff as he uses various features in the CRM platform. As he earns more and more stamps, Heathcliff becomes excited about learning, so he begins completing optional tasks in the learning platform attaining other types of awards such as “badges,” “super badges,” and “master badges” that are available in the learning platform. Each type of award may be worth a certain amount of points, which total across the learning platform, the CRM platform, and other integrated applications or services. Heathcliff wants to increase his point totals for his own personal enjoyment as well as to keep up with his peers. As a result, Heathcliff increases his knowledge of the CRM platform through both hands-on experience and through the completion of training exercises.

FIG. 7 shows a block diagram of an example of an environment 710 that includes an on-demand database service configured in accordance with some implementations. Environment 710 may include user systems 712, network 714, database system 716, processor system 717, application platform 718, network interface 720, tenant data storage 722, tenant data 723, system data storage 724, system data 725, program code 726, process space 728, User Interface (UI) 730, Application Program Interface (API) 732, PL/SOQL 734, save routines 736, application setup mechanism 738, application servers 750-1 through 750-N, system process space 752, tenant process spaces 754, tenant management process space 760, tenant storage space 762, user storage 764, and application metadata 766. Some of such devices may be implemented using hardware or a combination of hardware and software and may be implemented on the same physical device or on different devices. Thus, terms such as “data processing apparatus,” “machine,” “server” and “device” as used herein are not limited to a single hardware device, but rather include any hardware and software configured to provide the described functionality.

An on-demand database service, implemented using system 716, may be managed by a database service provider. Some services may store information from one or more tenants into tables of a common database image to form a multi-tenant database system (MTS). As used herein, each MTS could include one or more logically and/or physically connected servers distributed locally or across one or more geographic locations. Databases described herein may be implemented as single databases, distributed databases, collections of distributed databases, or any other suitable database system. A database image may include one or more database objects. A relational database management system (RDBMS) or a similar system may execute storage and retrieval of information against these objects.

In some implementations, the application platform 18 may be a framework that allows the creation, management, and execution of applications in system 716. Such applications may be developed by the database service provider or by users or third-party application developers accessing the service. Application platform 718 includes an application setup mechanism 738 that supports application developers' creation and management of applications, which may be saved as metadata into tenant data storage 722 by save routines 736 for execution by subscribers as one or more tenant process spaces 754 managed by tenant management process 760 for example. Invocations to such applications may be coded using PL/SOQL 734 that provides a programming language style interface extension to API 732. A detailed description of some PL/SOQL language implementations is discussed in commonly assigned U.S. Pat. No. 7,730,478, titled METHOD AND SYSTEM FOR ALLOWING ACCESS TO DEVELOPED APPLICATIONS VIA A MULTI-TENANT ON-DEMAND DATABASE SERVICE, by Craig Weissman, issued on Jun. 1, 2010, and hereby incorporated by reference in its entirety and for all purposes. Invocations to applications may be detected by one or more system processes. Such system processes may manage retrieval of application metadata 766 for a subscriber making such an invocation. Such system processes may also manage execution of application metadata 766 as an application in a virtual machine.

In some implementations, each application server 750 may handle requests for any user associated with any organization. A load balancing function (e.g., an F5 Big-IP load balancer) may distribute requests to the application servers 750 based on an algorithm such as least-connections, round robin, observed response time, etc. Each application server 750 may be configured to communicate with tenant data storage 722 and the tenant data 723 therein, and system data storage 724 and the system data 725 therein to serve requests of user systems 712. The tenant data 723 may be divided into individual tenant storage spaces 762, which can be either a physical arrangement and/or a logical arrangement of data. Within each tenant storage space 762, user storage 764 and application metadata 766 may be similarly allocated for each user. For example, a copy of a user's most recently used (MRU) items might be stored to user storage 764. Similarly, a copy of MRU items for an entire tenant organization may be stored to tenant storage space 762. A UI 730 provides a user interface and an API 732 provides an application programming interface to system 716 resident processes to users and/or developers at user systems 712.

System 716 may implement a web-based learning platform and/or application or service. For example, in some implementations, system 716 may include application servers configured to implement and execute software applications related to the learning platform and/or the application or service. The application servers may be configured to provide related data, code, forms, web pages and other information to and from user systems 712. Additionally, the application servers may be configured to store information to, and retrieve information from a database system. Such information may include related data, objects, and/or Webpage content. With a multi-tenant system, data for multiple tenants may be stored in the same physical database object in tenant data storage 722, however, tenant data may be arranged in the storage medium(s) of tenant data storage 722 so that data of one tenant is kept logically separate from that of other tenants. In such a scheme, one tenant may not access another tenant's data, unless such data is expressly shared.

Several elements in the system shown in FIG. 7 include conventional, well-known elements that are explained only briefly here. For example, user system 712 may include processor system 712A, memory system 712B, input system 712C, and output system 712D. A user system 712 may be implemented as any computing device(s) or other data processing apparatus such as a mobile phone, laptop computer, tablet, desktop computer, or network of computing devices. User system 12 may run an Internet browser allowing a user (e.g., a subscriber of an MTS) of user system 712 to access, process and view information, pages and applications available from system 716 over network 714. Network 714 may be any network or combination of networks of devices that communicate with one another, such as any one or any combination of a LAN (local area network), WAN (wide area network), wireless network, or other appropriate configuration.

The users of user systems 712 may differ in their respective capacities, and the capacity of a particular user system 712 to access information may be determined at least in part by “permissions” of the particular user system 712. As discussed herein, permissions generally govern access to computing resources such as data objects, components, and other entities of a computing system, such as a learning platform, a social networking system, a CRM database system, and/or any other type of application or service. “Permission sets” generally refer to groups of permissions that may be assigned to users of such a computing environment. For instance, the assignments of users and permission sets may be stored in one or more databases of System 716. Thus, users may receive permission to access certain resources. A permission server in an on-demand database service environment can store criteria data regarding the types of users and permission sets to assign to each other. For example, a computing device can provide to the server data indicating an attribute of a user (e.g., geographic location, industry, role, level of experience, etc.) and particular permissions to be assigned to the users fitting the attributes. Permission sets meeting the criteria may be selected and assigned to the users. Moreover, permissions may appear in multiple permission sets. In this way, the users can gain access to the components of a system.

In some an on-demand database service environments, an Application Programming Interface (API) may be configured to expose a collection of permissions and their assignments to users through appropriate network-based services and architectures, for instance, using Simple Object Access Protocol (SOAP) Web Service and Representational State Transfer (REST) APIs.

In some implementations, a permission set may be presented to an administrator as a container of permissions. However, each permission in such a permission set may reside in a separate API object exposed in a shared API that has a child-parent relationship with the same permission set object. This allows a given permission set to scale to millions of permissions for a user while allowing a developer to take advantage of joins across the API objects to query, insert, update, and delete any permission across the millions of possible choices. This makes the API highly scalable, reliable, and efficient for developers to use.

In some implementations, a permission set API constructed using the techniques disclosed herein can provide scalable, reliable, and efficient mechanisms for a developer to create tools that manage a user's permissions across various sets of access controls and across types of users. Administrators who use this tooling can effectively reduce their time managing a user's rights, integrate with external systems, and report on rights for auditing and troubleshooting purposes. By way of example, different users may have different capabilities with regard to accessing and modifying application and database information, depending on a user's security or permission level, also called authorization. In systems with a hierarchical role model, users at one permission level may have access to applications, data, and database information accessible by a lower permission level user, but may not have access to certain applications, database information, and data accessible by a user at a higher permission level.

As discussed above, system 716 may provide on-demand database service to user systems 712 using an MTS arrangement. By way of example, one tenant organization may be a company that employs a sales force where each salesperson uses system 716 to manage their sales process. Thus, a user in such an organization may maintain contact data, leads data, customer follow-up data, performance data, goals and progress data, etc., all applicable to that user's personal sales process (e.g., in tenant data storage 722). In this arrangement, a user may manage his or her sales efforts and cycles from a variety of devices, since relevant data and applications to interact with (e.g., access, view, modify, report, transmit, calculate, etc.) such data may be maintained and accessed by any user system 712 having network access.

When implemented in an MTS arrangement, system 716 may separate and share data between users and at the organization-level in a variety of manners. For example, for certain types of data each user's data might be separate from other users' data regardless of the organization employing such users. Other data may be organization-wide data, which is shared or accessible by several users or potentially all users form a given tenant organization. Thus, some data structures managed by system 716 may be allocated at the tenant level while other data structures might be managed at the user level. Because an MTS might support multiple tenants including possible competitors, the MTS may have security protocols that keep data, applications, and application use separate. In addition to user-specific data and tenant-specific data, system 716 may also maintain system-level data usable by multiple tenants or other data. Such system-level data may include industry reports, news, postings, and the like that are sharable between tenant organizations.

In some implementations, user systems 712 may be client systems communicating with application servers 750 to request and update system-level and tenant-level data from system 716. By way of example, user systems 712 may send one or more queries requesting data of a database maintained in tenant data storage 722 and/or system data storage 724. An application server 750 of system 716 may automatically generate one or more SQL statements (e.g., one or more SQL queries) that are designed to access the requested data. System data storage 724 may generate query plans to access the requested data from the database.

The database systems described herein may be used for a variety of database applications. By way of example, each database can generally be viewed as a collection of objects, such as a set of logical tables, containing data fitted into predefined categories. A “table” is one representation of a data object, and may be used herein to simplify the conceptual description of objects and custom objects according to some implementations. It should be understood that “table” and “object” may be used interchangeably herein. Each table generally contains one or more data categories logically arranged as columns or fields in a viewable schema. Each row or record of a table contains an instance of data for each category defined by the fields. For example, a CRM database may include a table that describes a customer with fields for basic contact information such as name, address, phone number, fax number, etc. Another table might describe a purchase order, including fields for information such as customer, product, sale price, date, etc. In some multi-tenant database systems, standard entity tables might be provided for use by all tenants. For CRM database applications, such standard entities might include tables for case, account, contact, lead, and opportunity data objects, each containing pre-defined fields. It should be understood that the word “entity” may also be used interchangeably herein with “object” and “table”.

In some implementations, tenants may be allowed to create and store custom objects, or they may be allowed to customize standard entities or objects, for example by creating custom fields for standard objects, including custom index fields. Commonly assigned U.S. Pat. No. 7,779,039, titled CUSTOM ENTITIES AND FIELDS IN A MULTI-TENANT DATABASE SYSTEM, by Weissman et al., issued on Aug. 17, 2010, and hereby incorporated by reference in its entirety and for all purposes, teaches systems and methods for creating custom objects as well as customizing standard objects in an MTS. In certain implementations, for example, all custom entity data rows may be stored in a single multi-tenant physical table, which may contain multiple logical tables per organization. It may be transparent to customers that their multiple “tables” are in fact stored in one large table or that their data may be stored in the same table as the data of other customers.

FIG. 8A shows a system diagram of an example of architectural components of an on-demand database service environment 800, configured in accordance with some implementations. A client machine located in the cloud 804 may communicate with the on-demand database service environment via one or more edge routers 808 and 812. A client machine may include any of the examples of user systems 712 described above. The edge routers 808 and 812 may communicate with one or more core switches 820 and 824 via firewall 816. The core switches may communicate with a load balancer 828, which may distribute server load over different pods, such as the pods 840 and 844 by communication via pod switches 832 and 836. The pods 840 and 844, which may each include one or more servers and/or other computing resources, may perform data processing and other operations used to provide on-demand services. Components of the environment may communicate with a database storage 856 via a database firewall 848 and a database switch 852.

Accessing an on-demand database service environment may involve communications transmitted among a variety of different components. The environment 800 is a simplified representation of an actual on-demand database service environment. For example, some implementations of an on-demand database service environment may include anywhere from one to many devices of each type. Additionally, an on-demand database service environment need not include each device shown, or may include additional devices not shown, in FIGS. 8A and 8B.

The cloud 804 refers to any suitable data network or combination of data networks, which may include the Internet. Client machines located in the cloud 804 may communicate with the on-demand database service environment 800 to access services provided by the on-demand database service environment 800. By way of example, client machines may access the on-demand database service environment 800 to retrieve, store, edit, and/or process a variety of information such as learning content from a learning platform or data from an application or service such as a CRM platform.

In some implementations, the edge routers 808 and 812 route packets between the cloud 804 and other components of the on-demand database service environment 800. The edge routers 808 and 812 may employ the Border Gateway Protocol (BGP). The edge routers 808 and 812 may maintain a table of IP networks or ‘prefixes’, which designate network reachability among autonomous systems on the internet.

In one or more implementations, the firewall 816 may protect the inner components of the environment 800 from internet traffic. The firewall 816 may block, permit, or deny access to the inner components of the on-demand database service environment 800 based upon a set of rules and/or other criteria. The firewall 816 may act as one or more of a packet filter, an application gateway, a stateful filter, a proxy server, or any other type of firewall.

In some implementations, the core switches 820 and 824 may be high-capacity switches that transfer packets within the environment 800. The core switches 820 and 824 may be configured as network bridges that quickly route data between different components within the on-demand database service environment. The use of two or more core switches 820 and 824 may provide redundancy and/or reduced latency.

In some implementations, communication between the pods 840 and 844 may be conducted via the pod switches 832 and 836. The pod switches 832 and 836 may facilitate communication between the pods 840 and 844 and client machines, for example via core switches 820 and 824. Also or alternatively, the pod switches 832 and 836 may facilitate communication between the pods 840 and 844 and the database storage 856. The load balancer 828 may distribute workload between the pods, which may assist in improving the use of resources, increasing throughput, reducing response times, and/or reducing overhead. The load balancer 828 may include multilayer switches to analyze and forward traffic.

In some implementations, access to the database storage 856 may be guarded by a database firewall 848, which may act as a computer application firewall operating at the database application layer of a protocol stack. The database firewall 848 may protect the database storage 856 from application attacks such as structure query language (SQL) injection, database rootkits, and unauthorized information disclosure. The database firewall 848 may include a host using one or more forms of reverse proxy services to proxy traffic before passing it to a gateway router and/or may inspect the contents of database traffic and block certain content or database requests. The database firewall 848 may work on the SQL application level atop the TCP/IP stack, managing applications' connection to the database or SQL management interfaces as well as intercepting and enforcing packets traveling to or from a database network or application interface.

In some implementations, the database storage 856 may be an on-demand database system shared by many different organizations. The on-demand database service may employ a single-tenant approach, a multi-tenant approach, a virtualized approach, or any other type of database approach. Communication with the database storage 856 may be conducted via the database switch 852. The database storage 856 may include various software components for handling database queries. Accordingly, the database switch 852 may direct database queries transmitted by other components of the environment (e.g., the pods 840 and 844) to the correct components within the database storage 856.

FIG. 8B shows a system diagram further illustrating an example of architectural components of an on-demand database service environment, in accordance with some implementations. The pod 844 may be used to render services to user(s) of the on-demand database service environment 800. The pod 844 may include one or more content batch servers 864, content search servers 868, query servers 882, file servers 886, access control system (ACS) servers 880, batch servers 884, and app servers 888. Also, the pod 844 may include database instances 890, quick file systems (QFS) 892, and indexers 894. Some or all communication between the servers in the pod 844 may be transmitted via the switch 836.

In some implementations, the app servers 888 may include a framework dedicated to the execution of procedures (e.g., programs, routines, scripts) for supporting the construction of applications provided by the on-demand database service environment 800 via the pod 844. One or more instances of the app server 888 may be configured to execute all or a portion of the operations of the services described herein.

In some implementations, as discussed above, the pod 844 may include one or more database instances 890. A database instance 890 may be configured as an MTS in which different organizations share access to the same database, using the techniques described above. Database information may be transmitted to the indexer 894, which may provide an index of information available in the database 890 to file servers 886. The QFS 892 or other suitable filesystem may serve as a rapid-access file system for storing and accessing information available within the pod 844. The QFS 892 may support volume management capabilities, allowing many disks to be grouped together into a file system. The QFS 892 may communicate with the database instances 890, content search servers 868 and/or indexers 894 to identify, retrieve, move, and/or update data stored in the network file systems (NFS) 896 and/or other storage systems.

In some implementations, one or more query servers 882 may communicate with the NFS 896 to retrieve and/or update information stored outside of the pod 844. The NFS 896 may allow servers located in the pod 844 to access information over a network in a manner similar to how local storage is accessed. Queries from the query servers 822 may be transmitted to the NFS 896 via the load balancer 828, which may distribute resource requests over various resources available in the on-demand database service environment 800. The NFS 896 may also communicate with the QFS 892 to update the information stored on the NFS 896 and/or to provide information to the QFS 892 for use by servers located within the pod 844.

In some implementations, the content batch servers 864 may handle requests internal to the pod 844. These requests may be long-running and/or not tied to a particular customer, such as requests related to log mining, cleanup work, and maintenance tasks. The content search servers 868 may provide query and indexer functions such as functions allowing users to search through content stored in the on-demand database service environment 800. The file servers 886 may manage requests for information stored in the file storage 898, which may store information such as documents, images, basic large objects (BLOBs), etc. The query servers 882 may be used to retrieve information from one or more file systems. For example, the query system 882 may receive requests for information from the app servers 888 and then transmit information queries to the NFS 896 located outside the pod 844. The ACS servers 880 may control access to data, hardware resources, or software resources called upon to render services provided by the pod 844. The batch servers 884 may process batch jobs, which are used to run tasks at specified times. Thus, the batch servers 884 may transmit instructions to other servers, such as the app servers 888, to trigger the batch jobs.

While some of the disclosed implementations may be described with reference to a system having an application server providing a front end for an on-demand database service capable of supporting multiple tenants, the disclosed implementations are not limited to multi-tenant databases nor deployment on application servers. Some implementations may be practiced using various database architectures such as ORACLE®, DB2® by IBM and the like without departing from the scope of present disclosure.

FIG. 9 illustrates one example of a computing device. According to various embodiments, a system 900 suitable for implementing embodiments described herein includes a processor 901, a memory module 903, a storage device 905, an interface 911, and a bus 915 (e.g., a PCI bus or other interconnection fabric.) System 900 may operate as variety of devices such as an application server, a database server, or any other device or service described herein. Although a particular configuration is described, a variety of alternative configurations are possible. The processor 901 may perform operations such as those described herein. Instructions for performing such operations may be embodied in the memory 903, on one or more non-transitory computer readable media, or on some other storage device. Various specially configured devices can also be used in place of or in addition to the processor 901. The interface 911 may be configured to send and receive data packets over a network. Examples of supported interfaces include, but are not limited to: Ethernet, fast Ethernet, Gigabit Ethernet, frame relay, cable, digital subscriber line (DSL), token ring, Asynchronous Transfer Mode (ATM), High-Speed Serial Interface (HSSI), and Fiber Distributed Data Interface (FDDI). These interfaces may include ports appropriate for communication with the appropriate media. They may also include an independent processor and/or volatile RAM. A computer system or computing device may include or communicate with a monitor, printer, or other suitable display for providing any of the results mentioned herein to a user.

Any of the disclosed implementations may be embodied in various types of hardware, software, firmware, computer readable media, and combinations thereof. For example, some techniques disclosed herein may be implemented, at least in part, by computer-readable media that include program instructions, state information, etc., for configuring a computing system to perform various services and operations described herein. Examples of program instructions include both machine code, such as produced by a compiler, and higher-level code that may be executed via an interpreter. Instructions may be embodied in any suitable language such as, for example, Apex, Java, Python, C++, C, HTML, any other markup language, JavaScript, ActiveX, VBScript, or Perl. Examples of computer-readable media include, but are not limited to: magnetic media such as hard disks and magnetic tape; optical media such as flash memory, compact disk (CD) or digital versatile disk (DVD); magneto-optical media; and other hardware devices such as read-only memory (“ROM”) devices and random-access memory (“RAM”) devices. A computer-readable medium may be any combination of such storage devices.

In the foregoing specification, various techniques and mechanisms may have been described in singular form for clarity. However, it should be noted that some embodiments include multiple iterations of a technique or multiple instantiations of a mechanism unless otherwise noted. For example, a system uses a processor in a variety of contexts but can use multiple processors while remaining within the scope of the present disclosure unless otherwise noted. Similarly, various techniques and mechanisms may have been described as including a connection between two entities. However, a connection does not necessarily mean a direct, unimpeded connection, as a variety of other entities (e.g., bridges, controllers, gateways, etc.) may reside between the two entities.

In the foregoing specification, reference was made in detail to specific embodiments including one or more of the best modes contemplated by the inventors. While various implementations have been described herein, it should be understood that they have been presented by way of example only, and not limitation. For example, some techniques and mechanisms are described herein in the context of on-demand computing environments that include MTSs. However, the techniques of the present invention apply to a wide variety of computing environments. Particular embodiments may be implemented without some or all of the specific details described herein. In other instances, well known process operations have not been described in detail in order not to unnecessarily obscure the present invention. Accordingly, the breadth and scope of the present application should not be limited by any of the implementations described herein, but should be defined only in accordance with the claims and their equivalents. 

1. A database system implemented using a server system, the database system configurable to cause: displaying, on a device of a user of an application or service, a user interface associated with the application or service; identifying the user as being associated with a learning platform; accessing, using a connector connecting the learning platform and the application or service, first data related to performance of the user in the learning platform, the connector configurable to provide a plurality of connections between the application or service and the learning platform; processing an interaction of the user with the application or service; determining, based on the first data, that the user is unauthorized to perform the interaction with the application or service; presenting, responsive to determining that the user is unauthorized to perform the interaction with the application or service, the user with learning content associated with the learning platform; determining that the user has completed the learning content; and providing, responsive to determining that the user has completed the learning content, authorization to the user to perform the interaction with the application or service.
 2. The database system of claim 1, wherein the learning content associated with the learning platform includes a customizable list of learning content configurable by an authorized user associated with a first organization implementing the application or service.
 3. The database system of claim 2, wherein the customizable list of learning content includes one or more of: a module, a video, a walkthrough, a Uniform Resource Locator (URL), a .pdf file, and/or a course.
 4. The database system of claim 1, the database system further configurable to cause: processing a request, from an authorized administrator, to disable a first one of the connections between the application or service and the learning platform; and disabling, responsive to processing the request, the first connection between the application or service and the learning platform.
 5. The database system of claim 1, the database system further configurable to cause: processing a further interaction of the user with the application or service; identifying, based on the further interaction, optional learning content associated with the application or service; presenting, responsive to identifying the optional learning content, the user with the optional learning content associated with the learning platform;
 6. The database system of claim 1, wherein the user interface associated with the application or service is configurable to be dynamically updated in response to activity associated with the learning platform.
 7. The database system of claim 1, wherein the application or service comprises a customer relationship management (CRM) platform and/or a social networking system provided to a plurality of tenant organizations via an on-demand computing environment.
 8. A method for integrating an application or service with a learning platform using a database system, the method comprising: causing display of, on a device of a user of an application or service, a user interface associated with the application or service; identifying the user as being associated with a learning platform; accessing, using a connector connecting the learning platform and the application or service, first data related to performance of the user in the learning platform, the connector configurable to provide a plurality of connections between the application or service and the learning platform; processing an interaction of the user with the application or service; determining, based on the first data, that the user is unauthorized to perform the interaction with the application or service; causing, responsive to determining that the user is unauthorized to perform the interaction with the application or service, the user to be presented with learning content associated with the learning platform; determining that the user has completed the learning content; and providing, responsive to determining that the user has completed the learning content, authorization to the user to perform the interaction with the application or service.
 9. The method of claim 8, wherein the learning content associated with the learning platform includes a customizable list of learning content configurable by an authorized user associated with a first organization implementing the application or service.
 10. The method of claim 9, wherein the customizable list of learning content includes one or more of: a module, a video, a walkthrough, a Uniform Resource Locator (URL), a .pdf file, and/or a course.
 11. The method of claim 8, the method further comprising: processing a request, from an authorized administrator, to disable a first one of the connections between the application or service and the learning platform; and disabling, responsive to processing the request, the first connection between the application or service and the learning platform.
 12. The method of claim 8, the method further comprising: processing a further interaction of the user with the application or service; identifying, based on the further interaction, optional learning content associated with the application or service; presenting, responsive to identifying the optional learning content, the user with the optional learning content associated with the learning platform;
 13. The method of claim 8, wherein the user interface associated with the application or service is configurable to be dynamically updated in response to activity associated with the learning platform.
 14. The method of claim 8, wherein the application or service comprises a customer relationship management (CRM) platform and/or a social networking system provided to a plurality of tenant organizations via an on-demand computing environment.
 15. A computer program product comprising computer-readable program code capable of being executed by one or more processors when retrieved from a non-transitory computer-readable medium, the program code comprising instructions configurable to cause: displaying, on a device of a user of an application or service, a user interface associated with the application or service; identifying the user as being associated with a learning platform; accessing, using a connector connecting the learning platform and the application or service, first data related to performance of the user in the learning platform, the connector configurable to provide a plurality of connections between the application or service and the learning platform; processing an interaction of the user with the application or service; determining, based on the first data, that the user is unauthorized to perform the interaction with the application or service; presenting, responsive to determining that the user is unauthorized to perform the interaction with the application or service, the user with learning content associated with the learning platform; determining that the user has completed the learning content; and providing, responsive to determining that the user has completed the learning content, authorization to the user to perform the interaction with the application or service.
 16. The computer program product of claim 15, wherein the learning content associated with the learning platform includes a customizable list of learning content configurable by an authorized user associated with a first organization implementing the application or service.
 17. The computer program product of claim 16, wherein the customizable list of learning content includes one or more of: a module, a video, a walkthrough, a Uniform Resource Locator (URL), a .pdf file, and/or a course.
 18. The computer program product of claim 15, the instructions further configurable to cause: processing a request, from an authorized administrator, to disable a first one of the connections between the application or service and the learning platform; and disabling, responsive to processing the request, the first connection between the application or service and the learning platform.
 19. The computer program product of claim 15, the instructions further configurable to cause: processing a further interaction of the user with the application or service; identifying, based on the further interaction, optional learning content associated with the application or service; presenting, responsive to identifying the optional learning content, the user with the optional learning content associated with the learning platform;
 20. The computer program product of claim 15, wherein the user interface associated with the application or service is configurable to be dynamically updated in response to activity associated with the learning platform. 